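I got this mention on Twitter from @mikeda.
It seems they had read this entry, but as I recall I wrote it back in the CentOS 4.4 days. The only thing I remember vividly is writing it while I was in hospital and then recuperating at home after coming down with acute cholecystitis at my previous job. Now CentOS 6.0 is out, and ProFTPD installed from EPEL is 1.3.3e. So I thought I'd take the opportunity to update it.
Update (2015/11/07):
There is a newer article here, so if you arrived from Google or another search engine, please see that one instead.
Note!
Actually this is still a work in progress: the packages installed fine, but authentication isn't working yet! ><
■ OS installation
For the OS, I installed CentOS 6.0 with only the BASE package group selected. The packages I added are as follows.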
ftp-0.17-51.1.el6.x86_64
gcc-4.4.4-13.el6.x86_64
gcc-c++-4.4.4-13.el6.x86_64
glibc-devel-2.12-1.7.el6_0.5.x86_64
glibc-headers-2.12-1.7.el6_0.5.x86_64
kernel-headers-2.6.32-71.29.1.el6.x86_64
keyutils-libs-devel-1.4-1.el6.x86_64
krb5-devel-1.8.2-3.el6_0.7.x86_64
libacl-devel-2.2.49-4.el6.x86_64
libattr-devel-2.4.44-4.el6.x86_64
libcap-devel-2.16-5.2.el6.x86_64
libcom_err-devel-1.41.12-3.el6.x86_64
libselinux-devel-2.0.94-2.el6.x86_64
libsepol-devel-2.0.41-3.el6.x86_64
libstdc++-devel-4.4.4-13.el6.x86_64
make-3.81-19.el6.x86_64
mysql-devel-5.1.52-1.el6_0.1.x86_64
mysql-server-5.1.52-1.el6_0.1.x86_64
ncurses-devel-5.7-3.20090208.el6.x86_64
openldap-devel-2.4.19-15.el6_0.2.x86_64
openssl-devel-1.0.0-4.el6_0.2.x86_64
pam-devel-1.1.1-4.el6_0.1.x86_64
patch-2.6-6.el6.x86_64
postgresql-devel-8.4.7-1.el6_0.1.x86_64
rpm-build-4.8.0-12.el6.x86_64
zlib-devel-1.2.3-25.el6.x86_64
■ Install the EPEL repository
[cc lang='text' ]
$ wget http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-5.noarch.rpm
$ sudo rpm -ivh epel-release-6-5.noarch.rpm
[/cc]
■ Disable EPEL for the time being
[cc lang='text' ]
$ sudo cp -p /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.orig
$ sudo vi /etc/yum.repos.d/epel.repo
$ diff /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.orig
6c6
< enabled=0
---
> enabled=1
[/cc]
■ Install proftpd and proftpd-mysql
[cc lang='text' ]
$ sudo yum --enablerepo=epel install proftpd proftpd-mysql
[/cc]
■ Create the config
[cc lang='text' ]
$ sudo cp -p /etc/proftpd.conf /etc/proftpd.conf.orig
$ sudo vi /etc/proftpd.conf
[/cc]
The config file follows.
[cc lang='text' ]
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

PassivePorts 10000 10010

# Use this to exclude users from the chroot
DefaultRoot ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Default to show dot files in directory listings
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile no

# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
ModulePath /usr/libexec/proftpd/

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User ftp
#  Group ftp
#  AccessGrantMsg "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients 10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin /welcome.msg
#  DisplayFirstChdir .message
#  DisplayReadme README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser on ftp
#  DirFakeGroup on ftp
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog off
#
#  # Logging for the anonymous transfers
#  ExtendedLog /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

ServerIdent on ""
RootLogin off
ListOptions "-la"
DefaultRoot ~ !wheel
RequireValidShell off
UseReverseDNS off
IdentLookups off
TimesGMT off
TimeoutIdle 600
TimeoutLogin 300
TimeoutNoTransfer 600
TimeoutStalled 600
ShowSymlinks on
MaxClientsPerHost 8
MaxHostsPerUser 2

LogFormat allinfo "%t : %u (%a [%h]) : [%s], %T, %m (%f)"
LogFormat write "%t : %u : %F (%a)"
LogFormat read "%t : %u : %F (%a)"
LogFormat auth "%t : %u (%a [%h])"
ExtendedLog /var/log/proftpd/all.log ALL allinfo
ExtendedLog /var/log/proftpd/write.log WRITE write
ExtendedLog /var/log/proftpd/read.log READ read
ExtendedLog /var/log/proftpd/auth.log AUTH auth

AllowOverwrite on
AllowStoreRestart on
AllowRetrieveRestart on

SQLAuthenticate users
#SQLAuthenticate on
SQLConnectInfo proftpd@localhost:3306 proftpd PASSWORD
#SQLAuthTypes Crypt
SQLAuthTypes Plaintext
SQLUserInfo users userid password uid gid homedir shell
SQLGroupInfo groups groupname gid members
#AuthOrder mod_sql.c

QuotaEngine on
QuotaLog /var/log/proftpd/quota-log
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
SQLNamedQuery get-quota-limit SELECT "userid, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE userid = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "userid, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE userid = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE userid = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLock /tmp/proftpd-quota-lock
QuotaShowQuotas on
QuotaDisplayUnits Gb
QuotaDirectoryTally on
[/cc]
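As an added example (not part of the original post), the following Python script audits the authentication-related directives of the configuration above: whether AuthOrder leaves out mod_sql.c while SQL authentication is configured, whether SQLAuthTypes is Plaintext, and whether TLS is off. The function names, finding codes and the embedded excerpt are constructed for this illustration.

```python
# Constructed excerpt: only the authentication-related lines of the config above.
SAMPLE_CONF = """\
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
#TLSEngine on
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
SQLAuthenticate users
SQLConnectInfo proftpd@localhost:3306 proftpd PASSWORD
#SQLAuthTypes Crypt
SQLAuthTypes Plaintext
#AuthOrder mod_sql.c
"""

# Finding codes are names made up for this example.
MESSAGES = {
    "AUTHORDER_SKIPS_SQL": "AuthOrder is set but does not list mod_sql.c, "
                           "so mod_sql is not consulted at login",
    "PLAINTEXT_PASSWORDS": "SQLAuthTypes Plaintext: the users table holds "
                           "clear-text passwords",
    "NO_TLS": "TLSEngine is not on: USER/PASS cross the network unencrypted",
}

def active_directives(conf_text):
    """Return {directive_lowercase: [args, ...]}, skipping comments and <Section> tags."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, *rest = line.split(None, 1)
        found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def audit(conf_text):
    """Return the finding codes that apply, in a fixed order."""
    d = active_directives(conf_text)
    args = lambda key: " ".join(d.get(key, [])).lower()
    findings = []
    # SQL authentication counts as configured when a connection is defined
    # and SQLAuthenticate is not explicitly switched off.
    if "sqlconnectinfo" in d and args("sqlauthenticate") != "off":
        if "authorder" in d and "mod_sql.c" not in args("authorder"):
            findings.append("AUTHORDER_SKIPS_SQL")
        if "plaintext" in args("sqlauthtypes").split():
            findings.append("PLAINTEXT_PASSWORDS")
    if "on" not in args("tlsengine").split():
        findings.append("NO_TLS")
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE_CONF):
        print(f"{code}: {MESSAGES[code]}")
```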
Create the MySQL schema as follows.
[cc lang='text' ]
$ cat proftpd.schema
CREATE TABLE groups (
  groupname VARCHAR(30) NOT NULL ,
  gid SMALLINT(5) UNSIGNED NOT NULL DEFAULT 1000,
  members varchar(255) default NULL,
  PRIMARY KEY ( groupname ),
  UNIQUE KEY gid (gid)
);

CREATE TABLE users (
  userid varchar(30) NOT NULL,
  password varchar(30) NOT NULL,
  uid SMALLINT(5) UNSIGNED NOT NULL DEFAULT 1000,
  gid SMALLINT(5) UNSIGNED NOT NULL DEFAULT 1000,
  homedir varchar(255) default NULL,
  shell varchar(255) default '/bin/true',
  PRIMARY KEY (userid),
  UNIQUE KEY uid (uid)
);

CREATE TABLE quotalimits (
  userid VARCHAR(30) NOT NULL,
  quota_type ENUM("user", "group", "class", "all") NOT NULL,
  per_session ENUM("false", "true") DEFAULT 'true' NOT NULL,
  limit_type ENUM("soft", "hard") DEFAULT 'soft' NOT NULL,
  bytes_in_avail FLOAT DEFAULT '0' NOT NULL,
  bytes_out_avail FLOAT DEFAULT '0' NOT NULL,
  bytes_xfer_avail FLOAT DEFAULT '0' NOT NULL,
  files_in_avail INT UNSIGNED DEFAULT '0' NOT NULL,
  files_out_avail INT UNSIGNED DEFAULT '0' NOT NULL,
  files_xfer_avail INT UNSIGNED DEFAULT '0' NOT NULL
);

CREATE TABLE quotatallies (
  userid VARCHAR(30) NOT NULL,
  quota_type ENUM("user", "group", "class", "all") DEFAULT 'user' NOT NULL,
  bytes_in_used FLOAT DEFAULT '0' NOT NULL,
  bytes_out_used FLOAT DEFAULT '0' NOT NULL,
  bytes_xfer_used FLOAT DEFAULT '0' NOT NULL,
  files_in_used INT UNSIGNED DEFAULT '0' NOT NULL,
  files_out_used INT UNSIGNED DEFAULT '0' NOT NULL,
  files_xfer_used INT UNSIGNED DEFAULT '0' NOT NULL
);

GRANT SELECT,UPDATE,INSERT ON proftpd.* TO proftpd@localhost IDENTIFIED BY 'proftpd';

INSERT INTO groups VALUES ('testgroup',1000,'');
#INSERT INTO users VALUES (
#  'testuser',encrypt('testuser'),1001,1000,'/var/ftpdata','/bin/true');
INSERT INTO users VALUES (
  'testuser','password',1001,1000,'/var/ftpdata','/bin/true');
INSERT INTO quotalimits VALUES (
  'testuser','user','false','hard', 524288000,0,0,0,0,0);
[/cc]
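Once you have got this far, create the "proftpd" database in advance, then run the following command to create the tables and load the data from the schema file.
[cc lang='text' ]
$ mysql -u root -p < proftpd.schema proftpd
[/cc]
Start mysqld and proftpd, and if you can connect, you're done! ...or so it should be, but it won't connect (´・ω・`)
The modules are being loaded, though...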
[cc lang='text' ]
$ sudo /usr/sbin/proftpd -vv
ProFTPD Version: 1.3.3e (maint)
  Scoreboard Version: 01040003
  Built: Thu Apr 7 2011 14:29:12 UTC

Loaded modules:
  mod_sql_mysql/4.0.8
  mod_sql/4.2.5
  mod_lang/0.9
  mod_ctrls/0.9.4
  mod_cap/1.0
  mod_vroot/0.9.2
  mod_tls/2.4.2
  mod_auth_pam/1.1
  mod_readme.c
  mod_ident/1.0
  mod_dso/0.5
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c
[/cc]